Threat Risk Assessments-Factors for Consideration

Threat Risk Assessments (TRAs) come in a wide variety of flavours. They can be general or specific, focussing on a limited location or range of activities.

Considering the variation, one would expect a wide range of factors which should be considered in a discussion of TRAs, and you are largely right. There is however, a fairly stable list of prime factors which should be considered for most general TRAs.

Many of the primary factors which should be considered in a general TRA should include the following:

• Information Management - Files, garbage management, access controls and authorizations
• IT Networks - All electronic communications and data storage capabilities. These are often a separate TRA within the overall TRA due to the size of this file
• Moral Considerations - Perceptions, codes of conduct public relations and employee interactions all play a role here
• Personnel - This is affected by things like labour issues, training, turn-over and criminality
• Market/Industry Factors - This includes the general methods of the industry, and the vulnerability your organization can face from your colleagues and competitors in a modern environment
• Physical Threats (Mobile) - These include fleets and mobile structures, as well as leased or rented movable infrastructure 
• Physical Threats (Fixed) - This includes all fixed and semi-permanent structures and fixtures

This is not an exhaustive list, but it does serve to illustrate a few of the more important considerations you should be looking for in your completed TRA. Contact a local security provider to find out more.

Blogging by Elemental Investigations: Private Investigator Edmonton, a private investigations agency serving Ottawa, Canada and the surrounding area. 

Employee Screening

Employee screening is often misunderstood. People think that running a quick search of credentials through the normal hiring process is sufficient for all hires, despite the fact that most research finds that the majority of resumes and CVs contain falsities from minor to major.

The normal process of checking references on some of your potential hires is the thing that is relied on by potential hires who are fabricating their past. Even HR staff normally will go only so far as to ask a couple of questions to a "former employer" who may have nothing to do with actually ever having been the boss of someone.

While the lighter end of screening is not always a major concern, such as a Mc-Job hire, conducting the same level of scrutiny for professional organizations (which is what is occurring) can expose a company to many potential issues when hiring if the person is not legit. Poor performance, lack of training, mental health issues, criminality and opening up your organization to litigation are among the many risks associated to a bad choice in a hire.

A private investigator can help out with screening programs for sensitive personnel, particularly management and sensitive positions requiring specific knowledge. This includes things like executive hiring, scientific and technical trades, financial services and special access personnel, including things like night shift cleaners who often have free access to a building's interior while unsupervised.

Having a PI augment your internal HR services can be a relatively low cost option to running an internal program as it can be focussed on specific hires deemed at risk to fraudulent hires and allows you to not spend money on a full time in house investigator. Give a local PI a call to see how their screening services can help you.

Postings provided by Elemental Investigations: Private Investigator Edmonton

New Year Outlook

Well, its good to be back from the Christmas and New Year's holidays. We're a little late getting to our New Year's outlook on the coming year, but to be honest, entime off was well deserved. With that in mind, we want to highlight a few things we see as being large or continued stories in 2014 in the world of privacy, investigations and security. Let's see what will shape the landscape on those topics in the coming year:

• Snowden will continue to make waves as the government tries to reign him in. He is holding on to enough juicy tidbits to keep this ball rolling throughout the year. Importantly, the big internet companies will see more action in court as they try and distance themselves from the appearance of being in cahoots with the NSA, and may out out some new encryption standards which have been developed without the special sauce provided by the NSA. 
• Also related to Snowden, look to more operators offering "secure" online interactions. While interesting at the start, they will also lead to a greater level of attacks and sophistication in exploiting perceived protections. Think of Snapchat and Lavabit for those who know.
• On the security front as a whole, we will continue to see the sad march to automation and new standards designed to save mid-level managers the discomfort of taking 4 seconds to secure information. Federal Govenment et al, will see more major blunders as a result.
• On the economy, a stronger economic footing will allow us to enjoy reduced employee based crime as wages and stability help calm the masses. That being said, on the fraud front, managers will be granted relaxed fiscal controls, which will inevitably lead to something about hands and cookie jars. Also on this front, better economic conditions usually also lead to lessened rates of family violence and drug abuse. 
• The investigations industry on the whole in Canada will strengthen we think. This will be due to economic factors which will allow business to tackle problems requiring outside help and the easing of purse strings will help outside of Canada. The push in jurisdicitons such as the UK and the US will also continue towards more regulation of the industry in terms of licencing and basic standards, which should be good news for local investigators and those of us trying to  contract investigators in those countries for assistance with cases elsewhere.

That about does it for our outlook. We definitely are looking forward to 2014 and the new and exciting challenges it will bring. We wish all a happy and prosperous new year!

Blogging provided by Elemental Investigations: Private Investigator Edmonton, a Canadian Private investigations and security consulting agency.

Info Management

There has been a shift in the info management (IM) of business and organizations in the last few years to become a function of (either superior to or subordinate to) the IT side of things. Indeed, the creation of IM Managers and Chief Information Officers (CIOs) is the new sexy in hiring.

Unfortunately, this has taken a significant bite out of security managers and executives power, and in fact has left them holding the less sexy physical security bag, which has become woefully neglected.

The biggest problem with creating a second and third avenue of security responsibility in an organization is that it creates a fragmented approach where each department (2-3 of them) each try and secure their respective castles, with often only a thread of connectivity in the form of a corporate security policy which was likely not created to effectively coordinate separate departments.

The next biggest problem is that major resources tend to go to the sexy side (IT/IM), and the scraps are left to physical. This means that on top of the IT and IM folks likely enjoying the attention of the executive suite more than the physical guy, they also get the bulk of funds and resources and ignore the significant role physical lapses can result in which make IT and IM irrelevant.

Case in point. Super strong network security and a perfectly synchronized access plan (which never occurs by the way) will be easily outmanoeuvred by someone picking through the garbage, talking to staff after work or digging up some dirt and doing an old fashioned intelligence recruitment.

There has to be more to the IM and IT planning than just having strong capabilities in network security and managed information flows. The old fashioned approach of physical security should be the driving force still in the current security model, as things haven't actually changed, even though the pedlars of these systems may claim otherwise.

The most effective security model then is one which is drawn up by one sole security source (usually being the physical security guy), which then incorporates how information will be managed from physical to electronic and back to physical mediums. This will ensure unity of effort, reduced costs in terms of security staff, better understanding of the overall security picture by personnel and a more effective plan overall.

Blog courtesy of Elemental Investigations: Private Investigator Edmonton, which is a security and investigations agency in Ottawa, Canada. They are located on the web at www.elementalpi.ca 

Security Surveys

Security Surveys are a handy tool to assess the effectiveness of a security plan/system.

Contrary to some perceptions, security needs to be continuously reviewed and adapted to the changing environment, or else it risks becoming out of date and irrelevant.

The security survey should always be performed by a neutral third party, which ensures that corporate group think and egos stay out of the way of properly assessing the effectiveness of your security. The survey will look at things like current practices, how they are understood and are being followed by staff, technology changes, attitudes to the organization, threats to the industry and any other factor which could conceivably impact the security of your organization or operation.

This will allow managers and executives to look at the various weak points in a security plan and determine whether or not they will mitigate the issue or deal with it head on. It will also help assign resources to more effective areas, which can ease resource demands and even save some cash.

The security survey should be performed yearly for security sensitive organizations, and every 3-5 years for other organizations to keep them effective. These should be paired to the Threat Risk Assessments for your organization as well to give the most effective and comprehensive security picture of your organization to keep your staff and assets as secure as possible.

Blog content provided by Elemental Investigations: Private Investigator Edmonton, which is a security and investigations agency operating out of Edmonton Canada.

Threat Risk Assessments

Threat Risk Assessments (TRAs) are a well known function in the security world, but often confused in the real world. Largely, I see TRAs associated to IT functions and information management (IM), and not a part of the whole security ecosystem of a business or organization.

This is unfortunate and is largely representative of the sad state of security planning as the TRA should overarch the IT/IM segment of a business and force it to conform to the security plan of the larger organization, rather than be treated as a separate issue.

The TRA is an analysis of the threats faced by an organization or business. This looks at all threats and threat vectors, including online, physical, financial, legal, etc. It then makes a determination of the likelihood of occurring given the current state of the world and the current security capabilities of the client organization. Lastly, it makes an assessment of the degree of harm to the organization should an attack occur.

Essentially, a TRA will allow you to understand what you should be most concerned about which will allow you to use security resources to their best potential, which has the added benefit of saving you money. How? Well, when you go direct to a security company, they will inevitably want to sell you the cadillac of security services. Nothing wrong with that and it is expected, but without actually knowing about your security threats and your own footing, you may buy the Cadillac when you only need the Hyundai and a little knowledge of how to mitigate your threats.

Many individuals offer TRA services, and you should always look to obtain the TRA from someone who is not aligned with the security systems provider. This will ensure you are getting the best information on what you need to protect before you look at the shiny gadgets to buy at a premium.

Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca

Insurance Fraud

Insurance fraud hurts us all is the sad refrain of insurance companies and while most people tend to view these companies as organizations which are largely unworthy of sympathy, it really does hit everyone in the pocket book, and not just the big insurance companies in the form of higher premiums and stricter guidelines.

Insurance fraud really exists everywhere insurance itself exists, after all, one usually needs to prove only harm or loss and they can get a cheque cut to them. The fraud types are varied across these spectrums, from the slip scam in the grocery store, to the rear end scam where someone is goaded into running into the rear of another car, to the workers insurance scam where a false claim of workplace injury is presented.

These examples are but a tiny tip of the iceberg, but they show the prevalence of them as we all know exactly how these scams work, yet they still persist and remain effective ways of scamming the system.

Largely it is the insurance company which will launch an investigation as it balances the need to find out what happened with the costs of litigation or settling. This is happening a bit more now days as the previous policies of settling rather than fighting claims in court has largely failed as the claims were not only paid out, but encouraged scammers to put in more claims as they knew they would not be challenged. Private individuals and companies have also begun doing their own investigations as well though, as organizations such as workers compensation, which are often government run or managed tend to be overloaded with cases and cannot respond effectively to all claims needing investigation.

When this occurs, Private Investigators (PIs) have always been the go to folks to look into these scams and present evidence as to the actual state of the individual making claims. Surveillance, history and interviews all come into the investigative process to give the interested parties the information needed to assess whether or not a false claim has been made, then pursue it in court.

Call a local PI today to find out what kind of services they can provide you!

Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca